| 1 |
\input texinfo |
\input texinfo |
| 2 |
|
|
| 3 |
|
@c %**start of header |
| 4 |
@setfilename WinPT |
@setfilename WinPT |
| 5 |
|
@settitle WinPT - The Windows Privacy Tray; a free GPG front-end |
| 6 |
|
@afourpaper |
| 7 |
|
@c %**end of header |
| 8 |
|
|
| 9 |
This file describes the Windows Privacy Tray program and its main functions |
@titlepage |
| 10 |
|
@title Windows Privacy Tray |
|
This file is free under the terms of the GNU General Public License v2. |
|
| 11 |
|
|
| 12 |
Copyright (C) 2006 Timo Schulz |
@subtitle A free GUI Front-End for GNU Privacy Guard |
| 13 |
|
|
| 14 |
Version 0.2.0 |
@author Timo Schlz, Sundar Pillay |
| 15 |
|
This file describes the Windows Privacy Tray program and its main functions |
| 16 |
|
This file is free under the terms of the GNU General Public License v2. |
| 17 |
|
Version 1.1.1 Copyright (C) 2006 Timo Schulz, Sundar Pillay |
| 18 |
|
@end titlepage |
| 19 |
|
|
|
@settitle WinPT - The Windows Privacy Tray; a free GPG front-end for Windows |
|
| 20 |
|
|
| 21 |
@section Requirements for WinPT |
@section Requirements for WinPT |
| 22 |
|
|
| 23 |
First you need to have a working GnuPG 1.4 installtion on the machine you |
First you need to have a working GnuPG 1.4 installtion on the machine you plan to install WinPT. |
| 24 |
plan to install WinPT. If you don't have GPG in your machine, please |
If you do not have GPG in your machine, please visit http://www.gnupg.org and download the latest |
| 25 |
visit http://www.gnupg.org and download the latest GPG version there. |
GPG version there. It comes with a graphical installer so there is no need to do the |
| 26 |
It comes with a graphical installer so there is no need to do this |
installation manually. |
| 27 |
step manually. |
|
| 28 |
|
You need at least Windows 98/2K/XP, but Windows XP or better is recommend. The program also works |
| 29 |
You need at least Windows 98/2K/XP, but Windows XP or better is |
on NT/95/ME but there is no support for these OS versions any longer. Mainly because the OS |
| 30 |
recommend. The program also works on NT/95/ME but there is no support |
vendor also dropped support and no bug fixes will be provided any longer. |
| 31 |
for these OS versions any longer. |
And it is very likely that the program does not work optimal on such platforms. |
| 32 |
|
|
| 33 |
@section A short Introduction |
@section A short Introduction |
| 34 |
|
|
| 35 |
WinPT is a graphical GnuPG front-end which resides in the task bar. |
WinPT is a graphical GnuPG front-end which resides in the task bar. It is divided into several, |
| 36 |
It is divided into several, so-called, managers. There is a manager |
so-called, managers. There is a manager for the key(ring), for files and for smart cards. |
| 37 |
for the keyring, for files and for smart cards. The aim of the program |
The aim of the program is to secure email communication and to perform file encryption and |
| 38 |
is to secure email communication and to perform file encryption. |
to allow an easy and user friendly way for key management. |
| 39 |
|
|
| 40 |
@subsection What is GnuPG |
@subsection What is GnuPG |
| 41 |
GnuPG is a tool for secure communication and data storage. |
GnuPG is a tool for secure communication and data storage. It can be used to encrypt data and |
| 42 |
It can be used to encrypt data and to create digital signatures. |
to create digital signatures. It includes an advanced key management facility and is compliant |
|
It includes an advanced key management facility and is compliant |
|
| 43 |
with the proposed Internet standard as described in RFC2440. |
with the proposed Internet standard as described in RFC2440. |
| 44 |
|
|
| 45 |
@subsection The Web of Trust |
@subsection The Web of Trust |
| 46 |
For a detailled description of these and other GnuPG topics, I |
For a detailled description of these and other GnuPG topics, I recommend the available literature |
| 47 |
recommend the available literature at http://www.gnupg.org. But |
at http://www.gnupg.org. But at least a general overview should be given here. |
| 48 |
at least a general overview should be given here. |
|
| 49 |
|
The certification scheme of OpenPGP does not base on a hirachical approach. Instead it uses |
| 50 |
The certification scheme of OpenPGP does not base on a hirachical |
a combination of ownertrust and direct key certification. |
| 51 |
approach. Instead it uses a combination of ownertrust and direct |
Here is an example with the imaginary persons called Alice, Bob, Carol and Dave. |
| 52 |
key certification. Here is an example with Alice, Bob, Carol and Dave. |
|
| 53 |
|
Alice knows Bob and checked the fingerprint of Bob's key when he met him personally. |
| 54 |
Alice knows Bob and checked the fingerprint of Bob's key when he |
Thus she knows that the key really belongs to its owner and he trusts Bob to certify other keys. |
| 55 |
met him personally. Thus she knows that the key really belongs to |
Then she issued a signature on Bob's key. Bob knows Carol and also checked her identity. |
| 56 |
its owner and he trusts Bob to certify other keys. Then she issued |
Then he signed her key. Alice does not know Carol, but he knows Bob and Bob trusts Carol. |
| 57 |
a signature on Bob's key. Bob knows Carol and also checked her identity. |
And because Alice trusts Bob, at a level she decided before, he also trusts Carol. |
| 58 |
Then he signed her key. Alice does not know Carol, but he knows Bob |
It's a transitiv relation. Dave is isolated and does not know anybody for the mentioned reasons, |
| 59 |
and Bob trusts Carol. And because Alice trusts Bob, at a level she |
thus he is not in the WoT. Another very important point is, that the signer can decide, after the |
| 60 |
decided before, he also trusts Carol. It's a transitiv relation. |
certification, how much he trusts the key owner to certify other keys. |
| 61 |
Dave is isolated and does not know anybody from the mentioned persons, |
|
| 62 |
thus he is not in the WoT. |
It is very important to check the identify of a key owner. Mostly this is done by comparing the |
| 63 |
Another very important point is, that the signer can decide, |
fingerprint, which were submitted by phone or written down at a personal meeting, with the |
| 64 |
after the certification, how much he trusts the key owner to |
fingerprint of the key in the keyring. Please bear in mind that anybody can create a key with an |
| 65 |
certify other keys. |
email address and a specific name. |
| 66 |
|
Thus it is not recommend to sign keys without doing this check before! |
| 67 |
It is very important to check the identify of a key owner. Mostly |
|
| 68 |
this is done by comparing the fingerprint, which were submitted |
The fingerprint of the key is hexadecial (160-bit) sequence divided into 10 groups of 4 hex |
| 69 |
by phone or written down at a personal meeting, with the fingerprint |
digits. You can get the fingerprint of a key by opening the key property dialog. There you can |
| 70 |
of the key in the keyring. Please bear in mind that anybody can create |
mark the fingerprint and copy it to the clipboard. The fingerprint of a key can be compared |
|
a key with an email address and a specific name. Thus it is not |
|
|
recommend to sign keys without doing this check before! |
|
|
|
|
|
The fingerprint of the key is hexadecial (160-bit) sequence divided |
|
|
into 10 groups of 4 hex digits. You can get the fingerprint of a key |
|
|
by opening the key property dialog. There you can mark the fingerprint |
|
|
and copy it to the clipboard. The fingerprint of a key can be compared |
|
| 71 |
to human fingerprints, it is unique for each key. |
to human fingerprints, it is unique for each key. |
| 72 |
|
|
| 73 |
Example: 1D75 8108 5BC9 D9FB E78B 2078 ED46 81C9 BF3D F9B4 |
Example: 1D75 8108 5BC9 D9FB E78B 2078 ED46 81C9 BF3D F9B4 |
| 77 |
|
|
| 78 |
@section Installation of the Program |
@section Installation of the Program |
| 79 |
|
|
| 80 |
It is always recommend to use the latest version of the program. You |
It is always recommend to use the latest version of the program. You can download it from |
| 81 |
can download it from http://wald.intevation.org/projects/winpt. |
http://wald.intevation.org/projects/winpt. Download the zip file with the binaries inside and |
| 82 |
Download the zip file with the binaries inside and unpack them in |
unpack them in a folder. All files need to be in the same folder, so if you change the folder do |
| 83 |
a folder. All files need to be in the same folder, so if you change |
not forget to move all files. |
| 84 |
the folder don't forget to move all files. |
You should also download and verify the signature of the packet to make sure that the release is |
| 85 |
You should also download and verify the signature of the packet to |
really authentic and were not altered in any way. |
| 86 |
make sure that the release is really authentic. |
|
| 87 |
|
To activate the program you just need to start WinPT.exe. You should now see a |
| 88 |
To activate the program you just need to start WinPT.exe. You should |
little (golden key) icon in the taskbar which indicates that the program is running. |
| 89 |
now see a little (golden key) icon in the taskbar which indicates that |
If you want to quit the program, right click on the symbol and select "Exit". |
| 90 |
the program is running. If you want to quit the program, right click |
|
| 91 |
on the symbol and select "Exit". |
Alternative, you may use one of the graphical GPG installers which are available on the internet. |
| 92 |
|
I recommend to use Gpg4Win which includes a set of very useful privacy tools, beside WinPT and it |
| 93 |
Alternative, you may use one of the graphical GPG installers which |
is very easy to use with an average size (~4MB). For non-German speaking users, I recommend the |
| 94 |
are available on the internet. I recommend to use Gpg4Win which |
light version because it does not contain the 2 German PDF manuals. |
| 95 |
includes a set of very useful privacy tools, beside WinPT and it |
|
| 96 |
is very easy to use with an average size (~4MB). For non-German |
@subsection Configure the Program |
| 97 |
speaking users, I recommend the light version because it does not |
After the installation not much of the default settings need to be changed. If you prefer a |
| 98 |
contain the 2 German PDF manuals. |
special keyserver, it is propably a good idea to open the keyserver dialog and to set one of the |
| 99 |
|
existing keyservers as the default or create a new entry and mark it as the new default. |
| 100 |
|
The default keyserver is subkeys.pgp.net, which is the best choice for most users. |
| 101 |
|
|
| 102 |
|
@subsection The GPG Preference Dialog |
| 103 |
|
In this dialog you can change your GPG config and customize its behaviour. Please be advised that |
| 104 |
|
in most cases there is no need to overwrite the default GPG path settings. |
| 105 |
|
There are three different paths available. First, the GPG home directory. The place where the |
| 106 |
|
keyrings are stored and also the config files. The second path points directly to the gpg.exe. |
| 107 |
|
The third is the path to the language files, |
| 108 |
|
where you usually store your winpt.mo/gpg.mo files. These entries should be only changed when |
| 109 |
|
really need and extra caution is needed because with wrong settings, WinPT will not be able to |
| 110 |
|
work any longer! |
| 111 |
|
|
| 112 |
|
The second part of the dialog is the "General GPG options" section. Here you can influence the |
| 113 |
|
behaviour of some commands. If you do not know what they mean, it is safe not to change the |
| 114 |
|
values and stick with the default ones. |
| 115 |
|
For expert users, it is possible to set the signature class of issued key signatures and to set |
| 116 |
|
an expiration date for key signatures or to specify an comment in armor files. |
| 117 |
|
The "Encrypt to this key" might be useful for anybody who needs to decrypt mails or any data he |
| 118 |
|
sent to a recipient. The field value should contain the key ID of the default key pair. |
| 119 |
|
|
| 120 |
|
@subsection Preferences |
| 121 |
|
In the WinPT preference dialog, the user can modify and/or disable the default options. For new |
| 122 |
|
users it is suggested to leave the default values as they are, except when there are problems |
| 123 |
|
related to the hotkeys. |
| 124 |
|
|
| 125 |
|
To enable keyring backups, the user can either decide to use the GPG home directory as the backup |
| 126 |
|
folder or any other folder. In the latter case, a folder needs to be chosen. |
| 127 |
|
The program makes the backup before it terminates and thus it is very important that the keyrings |
| 128 |
|
are stil accessable at this moment. For example if you use an USB flash drive to store your keyrings, |
| 129 |
|
you should unplug it after the the icon disappeared at the task bar. |
| 130 |
|
By default the secret keyring will not be backuped, if you wish that the secret keyring should be |
| 131 |
|
also backuped, and this usually means the backup folder cannot be accessed by other people, you need |
| 132 |
|
to mark "Backup includes secret keyring". |
| 133 |
|
|
| 134 |
@subsection Getting the Source of the Program |
@subsection Getting the Source of the Program |
| 135 |
As free software, according to the GNU General Public License, |
As free software, according to the GNU General Public License, WinPT also offers the source code |
| 136 |
WinPT also offers the source code for the program. It can be used |
for the program. It can be used for reviews, to compile your own binary and/or to modify and/or |
| 137 |
for reviews, to compile your own binary and/or to modify and/or |
redistribute it or just to learn how it works. The source is available at the same place you |
| 138 |
redistribute it or just to learn how it works. The source is available |
downloaded the binary. If not, you should contact the author of the site. |
| 139 |
at the same place you downloaded the binary. If not, you should |
The entire program can be build with free software; the default environment is a cross-compiler |
| 140 |
contact the author of the site. |
hosted on a Linux box. All you need is the mingw32 packages, a working autoconf environment |
|
The entire program can be build with free software; the default |
|
|
environment is a cross-compiler hosted on a Linux box. All you |
|
|
need is the mingw32 packages, a working autoconf environment |
|
| 141 |
and the libs WinPT depends on (currently gpgme and libgpg-error). |
and the libs WinPT depends on (currently gpgme and libgpg-error). |
| 142 |
It is also possible to build the binary with cygwin/mingw32 on |
It is also possible to build the binary with cygwin/mingw32 on Windows but this environment is |
| 143 |
Windows but this environment is not actively supported and propably |
not actively supported and propably needs adjustment of the source. |
|
needs adjustment of the source. |
|
| 144 |
|
|
|
@subsection Configure the Program |
|
|
After the installation not much of the default settings need to |
|
|
be changed. If you prefer a special keyserver, it is propably a good |
|
|
idea to open the keyserver dialog and to set one of the existing |
|
|
keyservers as the default or create a new entry and mark it as the |
|
|
new default. The default keyserver is subkeys.pgp.net, which is |
|
|
the best choice for most users. |
|
|
|
|
|
@subsection GPG Options |
|
|
For expert users, the GPG preference dialog might contain some |
|
|
interesting options. For example to set the expiration date of |
|
|
a signature and/or to set the signing level for key signing. |
|
|
It also allows to set a default 'encrypt-to' key and to set |
|
|
the comment in ASCII armored files. |
|
| 145 |
|
|
| 146 |
@subsection Preferences |
@section Native Language Support |
|
In the WinPT preference dialog, the user can modify and/or disable |
|
|
the default options. For new users it is suggested to leave the |
|
|
default values as they are, except when there are problems related |
|
|
to the hotkeys. |
|
|
|
|
|
To enable keyring backups, the user can either decide to use the |
|
|
GPG home directory as the backup folder or any other folder. In |
|
|
the latter case, a folder needs to be chosen. |
|
| 147 |
|
|
| 148 |
|
The program has the ability to select different languages to provide dialogs and error messages |
| 149 |
|
in the native language of the user. Currently German, Japanese, Portuguese (Brazil) and Slovak. |
| 150 |
|
When WinPT has been installed via a graphical installer, for example Gpg4Win, the language was |
| 151 |
|
automatically selected based on the locale Windows environment. If the stand-alone binary was |
| 152 |
|
downloaded, WinPT offers at the first start to select a language, based on the .mo file it |
| 153 |
|
founded in the current directory. |
| 154 |
|
Otherwise the user needs to perform the following steps. The WinPT ZIP archive contains various |
| 155 |
|
.mo files (de.mo, jp.mo, sk.mo) and the user needs to find his native language, if available and |
| 156 |
|
rename the file to "winpt.mo". For example, if the user prefers German, "de.mo" -> "winpt.mo". |
| 157 |
|
Now the user needs to save the locale dir, where the winpt.mo is stored, in the GPG preference dialog. |
| 158 |
|
|
| 159 |
@section The First Start |
@section The First Start |
| 160 |
|
|
| 161 |
This section is only important for people who never installed |
This section is only important for people who never installed and/or used WinPT before and thus |
| 162 |
and/or used WinPT before. |
no keyrings are available. |
| 163 |
|
|
| 164 |
When the program is started the first time, it offers two choices. |
When the program is started the first time, it offers two choices. The one is to generate a key |
| 165 |
The one is to generate a key pair and the other is to copy |
pair and the other is to copy existing GPG keyrings into the current installation. |
|
existing GPG keyrings into the current installation. |
|
| 166 |
|
|
| 167 |
We assume the user will select the first entry. |
We assume the user will select the first entry. |
| 168 |
|
|
| 169 |
Now a new dialog is shown which requests some information from |
Now a new dialog is shown which requests some information from the user to allow a meaningful |
| 170 |
the user to allow a meaningful association between the key and |
association between the key and the user. If the user prefer RSA keys, the check box should be |
| 171 |
the user. If the user prefer RSA keys, the check box should be marked. |
marked. |
| 172 |
If the entered data is OK, WinPT then generates a new key pair. As long |
But this is a decision of personal taste and does not influence the security or anything else. |
| 173 |
as this step takes, a progress dialog is shown to indicate the |
If the entered data is OK, WinPT then generates a new key pair. As long as this step takes, a |
| 174 |
enduring process. When the generation of the keypair is done, WinPT |
progress dialog is shown to indicate the enduring process. When the generation of the keypair is |
| 175 |
offers the chance to backup the existing keyrings. This is definitely |
done, WinPT offers the chance to backup the existing keyrings. |
| 176 |
an important decision because if the keyring will get corrupted |
This is definitely an important decision because if the keyring will get corrupted or lost, there |
| 177 |
or lost, there is no way to recover the encrypted data. That is |
is no way to recover the encrypted data. That is why it is also important to store the backup, at |
| 178 |
why it is also important to store the backup, at least of the |
least of the secret keyring, at a @strong{safe} place. |
| 179 |
secret keyring, at a @strong{safe} place. |
|
| 180 |
|
@subsection Use existing Keyrings and/or Keys |
| 181 |
|
If you already have a valid OpenPGP key pair and you do not want to generate a new key pair, you |
| 182 |
|
should select the second choice at the first start. Then the program will copy your existing keyrings |
| 183 |
|
to the new home directory. Please bear in mind that you need to set the ownertrust manually for each |
| 184 |
|
imported key. You can skip this step if you exported the ownertrust manually to a file, but because |
| 185 |
|
this is a step for experienced users it is not described here. The most important step is, to set |
| 186 |
|
your own key to ultimate ownertrust after import. |
| 187 |
|
|
| 188 |
|
If you have other OpenPGP programs and you wish to use the keys from this application, it is a good |
| 189 |
|
idea to select all keys you want to use and to export them into a single file. Then open the WinPT |
| 190 |
|
Key Manager and drag the file into the Key Manager window. |
| 191 |
|
|
| 192 |
|
@section The Passphrase for the Secret Key |
| 193 |
|
|
| 194 |
|
First a short explaination what passphrase is. A passphrase is like a password but usually |
| 195 |
|
longer, maybe a sentence, which can consists of any 7-bit ASCII characters. It is used to protect |
| 196 |
|
your secret key and thus it is very import to chose a secure passphrase. If your computer, and |
| 197 |
|
thus the secret key, were stolen and an attacker can guess your passphrase he is able to decrypt |
| 198 |
|
all your data and to create signatures in your name! A good passphrase is difficult to guess but |
| 199 |
|
easy to remember and should be at least 10 characters long. |
| 200 |
|
An easy way to generate a strong passphrase is to use a sentence only you know but you can easily |
| 201 |
|
remind and then take the first letter of each word, plus some special characters and maybe even |
| 202 |
|
some intentionally made spelling mistakes. |
| 203 |
|
|
| 204 |
|
Example: Row - row - row your boat, gently down the stream |
| 205 |
|
Passphrase: "R - r - ryb,gdts" |
| 206 |
|
|
| 207 |
|
Never write down your passphrase or share it among other people! |
| 208 |
|
|
| 209 |
@section Keyserver Access |
@section Keyserver Access |
| 210 |
|
|
| 211 |
An easy way to retrieve keys is the keyserver. You can think of |
An easy way to retrieve keys is the keyserver. You can think of it like a huge database with a |
| 212 |
it like a huge database with a lot of keys as its content. It is |
lot of keys as its content. It is possible to search keys by a pattern, a keyid or even a |
| 213 |
possible to search keys by a pattern, a keyid or even a fingerprint. |
fingerprint. |
| 214 |
WinPT allows to access different kind of keyservers. For example |
WinPT allows to access different kind of keyservers. For example LDAP, HKP, Finger and HTTP. |
| 215 |
LDAP, HKP, Finger and HTTP. But the focus will be set on HKP because |
But the focus will be set on HKP because this is the common case. |
|
this is the common case. |
|
|
|
|
|
In some situations WinPT asks the user whether to retrieve keys |
|
|
automatically. One example is the signature verification when the |
|
|
key that issued the signature was not found in the keyring. |
|
| 216 |
|
|
| 217 |
The main keyserver dialog allows to fetch one or more keys directly |
In some situations WinPT asks the user whether to retrieve keys automatically. One example is the |
| 218 |
or to search for a given pattern. |
signature verification when the key that issued the signature was not found in the keyring. |
| 219 |
|
|
| 220 |
|
The main keyserver dialog allows to fetch one or more keys directly or to search for a given pattern. |
| 221 |
|
|
| 222 |
@subsection Retrieve a key by Key ID |
@subsection Retrieve a key by Key ID |
| 223 |
The best way to fetch a key from the server is by the key ID. |
The best way to fetch a key from the server is by the key ID. |
| 224 |
Just enter the key ID, it is always a good idea to prefix it |
Just enter the key ID, it is a good idea to prefix it with 0x, and click the "Receive" button. |
|
with 0x and click the "Receive" button. |
|
| 225 |
|
|
| 226 |
An example: |
An example: |
| 227 |
|
|
| 231 |
|
|
| 232 |
|
|
| 233 |
@subsection Retrieve a key by its email address |
@subsection Retrieve a key by its email address |
| 234 |
If you only know the email address from your partner, you can |
If you only know the email address from your partner, you can enter it instead of the key ID. |
| 235 |
enter it instead of the key ID. It is unlikely but possible |
It is unlikely but possible that there are more keys with the same address. In this situation, |
| 236 |
that there are more keys with the same address. In this situation, |
WinPT will warn you that multiple keys were imported. The difference to the search function is, |
| 237 |
WinPT will warn you that multiple keys were imported. The difference |
that the keys were dirctly fetched and not displayed as a key result list. |
|
to the search function is, that the keys were dirctly fetched and |
|
|
not displayed as a key result list. |
|
| 238 |
|
|
| 239 |
|
|
| 240 |
An example: |
An example: |
| 245 |
|
|
| 246 |
|
|
| 247 |
@subsection Search for a key by pattern |
@subsection Search for a key by pattern |
| 248 |
If you want to communicate with a new mail partner and you are |
If you want to communicate with a new mail partner and you are not sure about the key ID, it can |
| 249 |
not sure about the key ID, it can be useful to search for his |
be useful to search for his email address. This address is considered as quite unique. |
| 250 |
email address. This address is considered as quite unique. |
Not all keyserver support this query mode, so if you get an error please use subkeys.pgp.net. |
| 251 |
|
|
| 252 |
An example: |
An example: |
| 253 |
|
|
| 255 |
|
|
| 256 |
[Search] |
[Search] |
| 257 |
|
|
| 258 |
Now a dialog is opened with a list of all keys which matched |
Now a dialog is opened with a list of all keys which matched the search string. If the name |
| 259 |
the search string. If the name @strong{and} the email address |
@strong{and} the email address is known, the matching key should be selected and "Receive" |
| 260 |
is known, the matching key should be selected and "Receive" |
should be clicked. Then the key will be downloaded and added to your keyring. Now you can encrypt |
| 261 |
should be clicked. Then the key will be downloaded and added |
data with this key, for example an email. |
| 262 |
to your keyring. Now you can encrypt data with this key, for |
|
|
example an email. |
|
| 263 |
|
|
| 264 |
@subsection Sending a Key to the Keyserver |
@subsection Sending a Key to the Keyserver |
| 265 |
After you generated a new key pair, it is a good idea to send your |
After you generated a new key pair, it is a good idea to send your key to the keyserver to make |
| 266 |
key to the keyserver to make it available for other users. If you |
it available for other users. If you issue a signature, the key ID is part of the signature and |
| 267 |
issue a signature, the key ID is part of the signature and people can |
people can automatically retrieve your key when they try to verify the signature. |
| 268 |
automatically retrieve your key when they try to verify the signature. |
|
| 269 |
|
Actually, the action is performed in the Key Manager and not in the keyserver dialog. Just open |
| 270 |
Actually, the action is performed in the Key Manager and not in the |
the Key Manager, select the key you want to send right-click on it and chose "Send to Keyserver" |
| 271 |
keyserver dialog. Just open the Key Manager, select the key you want |
in the popup menu. Then a message box with the result is shown. |
|
to send right-click on it and chose "Send to Keyserver" in the popup |
|
|
menu. Then a message box with the result is shown. |
|
| 272 |
|
|
| 273 |
@subsection Add, Delete or Edit a Keyserver Entry |
@subsection Add, Delete or Edit a Keyserver Entry |
| 274 |
The keyserver dialog allow to change the existing keyserver entries, |
The keyserver dialog allow to change the existing keyserver entries, to delete them or to add new |
| 275 |
to delete them or to add new entries. Just right click on a selected |
entries. Just right click on a selected item and a popup menu will be |
| 276 |
item and a popup menu will be shown with ("Edit", "Remove" and "New"). |
shown with ("Edit", "Remove" and "New"). |
| 277 |
|
|
| 278 |
@section Using the Clipboard |
@section Using the Clipboard |
| 279 |
|
|
| 280 |
A major aim from the first day was, that the program does not |
A major aim from the first day was, that the program does not depend on a special mailer client. |
| 281 |
depend on a special mailer client. For this reason it uses the |
For this reason it uses the clipboard to encrypt and/or sign data. |
| 282 |
clipboard to encrypt and/or sign data. |
For the examples, let's assume that you want to write a new mail or that you received a mail |
| 283 |
For the examples, let's assume that you want to write a new |
protected by GnuPG. |
| 284 |
mail or that you received a mail protected by GnuPG. |
|
| 285 |
|
@subsection The Clipboard Editor |
| 286 |
|
This dialog allows it to modify the clipboard contents directly and/or to display the contents of |
| 287 |
|
the clipboard. It is also possible to load a text file into the clipboard or store the contents |
| 288 |
|
into a file. For the convenience, the dialog also allows to encrypt and/or decrypt clipboard data. |
| 289 |
|
|
| 290 |
@subsection Encrypt Data in the Clipboard |
@subsection Encrypt Data in the Clipboard |
| 291 |
Just copy the text from the mailer window into the clipboard. |
Just copy the text from the mailer window into the clipboard. This is usually done by CTRL+C, |
| 292 |
This is usually done by CTRL+C, make sure you really selected |
make sure you really selected all portions of the text. Then right-click on the tray icon and |
| 293 |
all portions of the text. Then right-click on the tray icon |
select Clipboard->Encryption. Now a dialog is shown to select the recipients. This means you need |
| 294 |
and select Clipboard->Encryption. Now a dialog is shown to |
to select all keys which should be able to decrypt the mail. Confirm with "OK". GnuPG now |
| 295 |
select the recipients. This means you need to select all |
encrypts the data with the selected recipients. At the end a message box with the result is |
| 296 |
keys which should be able to decrypt the mail. Confirm with "OK". |
shown. Now the clipboard should contain the encrypted data. Just paste it into the mailer window. |
| 297 |
GnuPG now encrypts the data with the selected recipients. At the |
The output should contain a header and a footer "BEGIN PGP MESSAGE" and "END PGP MESSAGE. |
|
end a message box with the result is shown. Now the clipboard should |
|
|
contain the encrypted data. Just paste it into the mailer window. |
|
|
The output should contain a header and a footer |
|
|
"BEGIN PGP MESSAGE" and "END PGP MESSAGE. |
|
| 298 |
|
|
| 299 |
@subsection Decrypt/Verify Data from the Clipboard |
@subsection Decrypt/Verify Data from the Clipboard |
| 300 |
The most common case is propably that you got a signed email and |
The most common case is propably that you got a signed email and now you want to verify it. For |
| 301 |
now you want to verify it. For this procedure, you have to copy |
this procedure, you have to copy the entire signature in the clipboard. The easiest way is to |
| 302 |
the entire signature in the clipboard. The easiest way is to |
use CTRL+A and CTRL+C, then all available text will be copied. WinPT (GnuPG) is smart enough to |
| 303 |
use CTRL+A and CTRL+C, then all available text will be copied. |
figure out the signature related data. Now go to the taskbar, display the popup menu and select |
| 304 |
WinPT (GnuPG) is smart enough to figure out the signature related |
Clipboard->Decrypt/Verify. Now a new dialog, the verify dialog, should be available on screen |
| 305 |
data. Now go to the taskbar, display the popup menu and select |
with all information about the signature. For example who is the signer, when was it signed how |
| 306 |
Clipboard->Decrypt/Verify. Now a new dialog, the verify dialog, |
much do you try this key and what was signed and most important, the status of it (is the |
| 307 |
should be available on screen with all information about the |
signature good or BAD). |
| 308 |
signature. For example who is the signer, when was it signed |
A special case is when you don't have the public key to verify the signature, if this happens |
| 309 |
how much do you try this key and what was signed and most |
WinPT offers to download the key from the default keyserver. If the key was not found, the |
| 310 |
important, the status of it (is the signature good or BAD). |
procedure is aborted because without the key the sig cannot bed checked. |
|
A special case is when you don't have the public key to verify |
|
|
the signature, if this happens WinPT offers to download the key |
|
|
from the default keyserver. If the key was not found, the procedure |
|
|
is aborted because without the key the sig cannot bed checked. |
|
| 311 |
|
|
| 312 |
@subsection Sign the Clipboard |
@subsection Sign the Clipboard |
| 313 |
We assume that text that shall be signed is already in the |
We assume that text that shall be signed is already in the clipboard. If not, select the text you |
| 314 |
clipboard. If not, select the text you want to sign and copy |
want to sign and copy with via CTRL+C in the clipboard. Now go to the taskbar and open the peopup |
| 315 |
with via CTRL+C in the clipboard. Now go to the taskbar and |
menu, Clipboard->Sign. If you just have one secret key, the passphrase dialog will be automatically shown. |
| 316 |
open the peopup menu, Clipboard->Sign. If you just have one |
All you need is to enter your passphrase and confirm. In case of more available secret keys, a |
| 317 |
secret key, the passphrase dialog will be automatically shown. |
list with all keys is shown and you can select which key shall be used for signing. |
| 318 |
All you need is to enter your passphrase and confirm. In case |
The output is always a cleartext signature which is in text format. Do not try to sign binary |
| 319 |
of more available secret keys, a list with all keys is shown |
clipboard data, the result would be unpredictable and not readable by human beings. |
|
and you can select which key shall be used for signing. |
|
|
The output is always a cleartext signature which is in text |
|
|
format. Do not try to sign binary clipboard data, the result |
|
|
would be unpredictable and not readable by human beings. |
|
| 320 |
|
|
| 321 |
@section The Current Window Support |
@section The Current Window Support |
| 322 |
Compared to the clipboard mode, the CWS mode has some advantages. |
Compared to the clipboard mode, the CWS mode has some advantages. Let us assume that you want to |
| 323 |
Let us assume that you want to extract text from an editor window. |
extract text from an editor window. With the CWS mode, the program automatically tries to focus |
| 324 |
With the CWS mode, the program automatically tries to focus the |
the window to select the text and to copy it to the clipboard and execute the |
| 325 |
window to select the text and to copy it to the clipboard and |
selected command (Sign, Encrypt, Decrypt) and pastes back the GPG data to the window. |
| 326 |
execute the selected command (Sign, Encrypt, Decrypt). |
No manual user interaction is needed. Except this different behaviour, it is very likewise to the |
| 327 |
No manual user interaction is needed. Except this different behaviour, |
clipboard mode and thus we do not describe each command again. |
| 328 |
it is very likewise to the clipboard mode and thus we do not describe |
|
| 329 |
each command again. |
But due to the nature of this mode, it is possible that some kind of windows are not supported. |
| 330 |
|
Which means that the program cannot extract the text from the window. There is nothing we can do |
| 331 |
|
about it, because it depends on the application itself how it reacts on certain Window messages. |
| 332 |
|
But all windows which support the default copy/paste/select all commands should make no problems. |
| 333 |
|
|
| 334 |
@section The Key Manager |
@section The Key Manager |
| 335 |
|
|
| 336 |
This part of the program is propably most important for many users. |
This part of the program is propably most important for many users. It contains function to |
| 337 |
It contains function to manage your keyring and to perform actions |
manage your keyring and to perform actions which are required and/or useful in the OpenPGP environment. |
|
which are required and/or useful in the OpenPGP environment. |
|
| 338 |
|
|
| 339 |
@subsection Tips |
@subsection Tips |
| 340 |
|
|
| 341 |
@itemize @bullet |
@itemize @bullet |
| 342 |
|
|
| 343 |
@item |
@item |
| 344 |
If you want to import quickly a key from a into the keyring, just |
If you want to start the Key Manager directly, you can create a batch |
| 345 |
drag and drop the file into the Key Manager window. Then the import |
file with "winpt.exe --keymanager". This way you do not have to go to |
| 346 |
procedure will be automatically started. |
the task bar enable the icon and click on the Key Manager entry in the menu. |
| 347 |
|
|
| 348 |
|
@item |
| 349 |
|
If you want to import quickly a key from a into the keyring, just drag and drop the file into the |
| 350 |
|
Key Manager window. Then the import procedure will be automatically started. |
| 351 |
|
|
| 352 |
@item |
@item |
| 353 |
Key which were fetched from keyservers often contain a lot of, |
Key which were fetched from keyservers often contain a lot of, maybe obsolete, self signatures, |
| 354 |
maybe obsolete, self signatures, if you want to get rid of them |
if you want to get rid of them you can use the Key Edit->Clean feature. Just start the edit |
|
you can use the Key Edit->Clean feature. Just start the edit |
|
| 355 |
dialog and select the clean command. That's it. |
dialog and select the clean command. That's it. |
| 356 |
|
|
| 357 |
@item |
@item |
| 358 |
The keyserver dialog does not allow to import a key directly |
The keyserver dialog does not allow to import a key directly via an URL, as an alternative you |
| 359 |
via an URL, as an alternative you may use the "Import HTTP..." |
may use the "Import HTTP..." feature in the Key Manager. With it you can directly fetch keys |
|
feature in the Key Manager. With it you can directly fetch keys |
|
| 360 |
from the web (Example: http://www.users.my-isp.de/~joe/gpg-keys.asc). |
from the web (Example: http://www.users.my-isp.de/~joe/gpg-keys.asc). |
| 361 |
|
|
| 362 |
@item |
@item |
| 363 |
To customize the parameters of the generated key, you can use |
To customize the parameters of the generated key, you can use the expert key generation. |
| 364 |
the expert key generation. It allows you to set the public key |
It allows you to set the public key algorithm and/or the size of the key directly. |
|
algorithm and/or the size of the key directly. |
|
| 365 |
|
|
| 366 |
@item |
@item |
| 367 |
Most of the list view based dialogs allow to use the right |
Most of the list view based dialogs allow to use the right mouse button, to show popup menus with |
| 368 |
mouse button, to show popup menus with available commands. |
available commands. |
| 369 |
|
|
| 370 |
@end itemize |
@end itemize |
| 371 |
|
|
| 372 |
@subsection Create a Revocation Certificate |
@subsection Create a Revocation Certificate |
| 373 |
|
It is very important to do this step early as possible. With this certificate, you can revoke |
| 374 |
It is very important to do this step early as possible. With this |
your entire key. The reason for this can be for example, that your key is no longer used or even |
| 375 |
certificate, you can revoke your entire key. The reason for this |
compromised. |
| 376 |
can be for example, that your key is no longer used or even compromised. |
After you generated the revocation cert, you should move it to a secure place because anybody who |
| 377 |
After you generated the revoc cert, you should move it to a secure place |
gets access to it, can render your key unuseable. |
| 378 |
because anybody who gets access to it, can render your key unuseable. |
|
| 379 |
|
Just right-click on your key and select "Revoke Cert". If you do this step directly after key |
| 380 |
Just right-click on your key and select "Revoke Cert". If you do this |
generation, there is no need to change the default values. Just select a file name and enter the |
| 381 |
step directly after key generation, there is no need to change the |
passphrase. The program issues a warning which should be read carefully. |
|
default values. Just select a file name and enter the passphrase. |
|
|
The program issues a warning which should be read carefully. |
|
| 382 |
|
|
| 383 |
@subsection Adding a new Secondary Key |
@subsection Adding a new Secondary Key |
| 384 |
|
For most users the existing keys in the key pair are enough and no extra key is needed. But there |
| 385 |
For most users the existing keys in the key pair are enough |
are some exceptions. |
|
and no extra key is needed. But there are some exceptions. |
|
| 386 |
|
|
| 387 |
@itemize @bullet |
@itemize @bullet |
| 388 |
|
|
| 389 |
@item |
@item |
| 390 |
The primary key has no secondary key and the primary key is not |
The primary key has no secondary key and the primary key is not able to encrypt data. In this |
| 391 |
able to encrypt data. In this case it can be a good idea to |
case it can be a good idea to add a secondary encryption key. |
|
add a secondary encryption key. |
|
| 392 |
|
|
| 393 |
@item |
@item |
| 394 |
A lot of people use secondary encryption keys with an expiration |
A lot of people use secondary encryption keys with an expiration date. Usually the key is valid |
| 395 |
date. Usually the key is valid for 1-2 years. After the key is expired, |
for 1-2 years. After the key is expired, a new key is needed in order to encrypt data. |
|
a new key is needed in order to encrypt data. |
|
| 396 |
|
|
| 397 |
@end itemize |
@end itemize |
| 398 |
|
|
| 399 |
What kind of public key algorithm should be selected is a matter |
What kind of public key algorithm should be selected is a matter of taste. RSA and ElGamal are |
| 400 |
of taste. RSA and ElGamal are both capable for encryption. For most |
both capable for encryption. For most users it's a good idea to let the program chose the key |
| 401 |
users it's a good idea to let the program chose the key size (in bits). |
size (in bits). The default settings should be secure enough for most purposes. |
|
The default settings should be secure enough for most purposes. |
|
| 402 |
|
|
| 403 |
@subsection Adding a new User ID |
@subsection Adding a new User ID |
| 404 |
If you got a new email account, it's propably a good idea to |
If you got a new email account, it's propably a good idea to add these new account to your key |
| 405 |
add these new account to your key also. For example: |
also. For example: |
| 406 |
|
|
| 407 |
A new account was registed at gmail.com (john.doo@@gmail.com). |
A new account was registed at gmail.com (john.doo@@gmail.com). |
| 408 |
Then you should create a new user ID with the following fields: |
Then you should create a new user ID with the following fields: |
| 409 |
|
|
| 410 |
name: John Doo |
name: John Doo |
| 413 |
|
|
| 414 |
comment: (optional) |
comment: (optional) |
| 415 |
|
|
| 416 |
Now email programs are able to associate this address with your |
Now email programs are able to associate this address with your key when somebody wants to send |
| 417 |
key when somebody wants to send you a protected mail to this account. |
you a protected mail to this account. |
| 418 |
|
|
| 419 |
@subsection Adding a new Photographic ID |
@subsection Adding a new Photographic ID |
| 420 |
With this function you can add a photo to your public. It will be |
With this function you can add a photo to your public. It will be displayed in the key property |
| 421 |
displayed in the key property dialog. |
dialog. |
| 422 |
|
|
| 423 |
You just need to select a JPEG file which contains the photo and |
You just need to select a JPEG file which contains the photo and enter your passphrase and |
| 424 |
enter your passphrase and confirm with OK. Please read the note |
confirm with OK. Please read the note in the dialog carefully to make sure the photo has a proper |
| 425 |
in the dialog carefully to make sure the photo has a proper size |
size (file, height and weight). |
|
(file, height and weight). |
|
| 426 |
|
|
| 427 |
@subsection Adding a new Designated Revoker |
@subsection Adding a new Designated Revoker |
| 428 |
If you want to allow another key to revoke your own key, this |
If you want to allow another key to revoke your own key, this might be useful if you lost your |
| 429 |
might be useful if you lost your secret or a simliar situation, |
secret or a simliar situation, you can use this function to add a designated revoker to your key. |
| 430 |
you can use this function to add a designated revoker to your key. |
|
| 431 |
|
All you need to do is to select the key you want to add as a desig revoker. But please bear in |
| 432 |
All you need to do is to select the key you want to add as a desig |
mind that this procedure cannot be undone and that this person really has the power to make your |
| 433 |
revoker. But please bear in mind that this procedure cannot be undone |
public key unuseable. You really should trust the selected key, in case it is not a key owned by yourself. |
|
and that this person really has the power to make your public key |
|
|
unuseable. You really should trust the selected key, in case it is |
|
|
not a key owned by yourself. |
|
| 434 |
|
|
| 435 |
@subsection Export a Public Key |
@subsection Export a Public Key |
| 436 |
There are several reason why to export a public key and there |
There are several reason why to export a public key and there are also several ways to do it. If |
| 437 |
are also several ways to do it. If you want to send the key |
you want to send the key directly to a mail recipient, you can select the key, right-click, |
| 438 |
directly to a mail recipient, you can select the key, right-click, |
and select "Send Key to Mail Recipient". As an alternative, you can also export it to the |
| 439 |
and select "Send Key to Mail Recipient". As an alternative, you |
clipboard or to a file. To export a key to the clipboard, you can select "Copy key to Clipboard" |
| 440 |
can also export it to the clipboard or to a file. To export a |
in the popup menu of the selected key. To export it to a file, you need to select the menu "Key" |
| 441 |
key to the clipboard, you can select "Copy key to Clipboard" |
and then "Export...". The program will automatically suggest a name for the output. |
| 442 |
in the popup menu of the selected key. To export it to a file, |
|
| 443 |
you need to select the menu "Key" and then "Export...". The |
@subsection Export your Secret Key |
| 444 |
program will automatically suggest a name for the output. |
This command should be used with caution because it exports your secret key. Please bear in mind |
| 445 |
|
that you should never export your key to a place where it can be accessed by others. |
| 446 |
|
An USB stick or a likewise mobile storage device should be used for the export. |
| 447 |
|
|
| 448 |
@subsection Import a Public Key |
@subsection Import a Public Key |
| 449 |
Similar to the key import, the import of a key can be done in |
Similar to the key import, the import of a key can be done in several ways. First, let's assume |
| 450 |
several ways. First, let's assume you got a mail with an OpenPGP |
you got a mail with an OpenPGP key included as inline text. Then you can use the current window |
| 451 |
key included as inline text. Then you can use the current window |
feature and "Decrypt/Verify" to import the key. Alternative you also may use the clipboard. |
| 452 |
feature and "Decrypt/Verify" to import the key. Alternative you |
To achieve this, you first need to select the entire key (CTRL+A) and then copy it to the |
| 453 |
also may use the clipboard. To achieve this, you first need to |
clipboard (CTRL+C), then use the Key Manager (Edit->Paste) to import it. If the key is stored as |
| 454 |
select the entire key (CTRL+A) and then copy it to the clipboard |
an attachment, or you want to import a key from a file in general, just drag the file and drop it |
|
(CTRL+C), then use the Key Manager (Edit->Paste) to import it. |
|
|
If the key is stored as an attachment, or you want to import |
|
|
a key from a file in general, just drag the file and drop it |
|
| 455 |
into the Key Manager window or use "Key" -> "Import...". |
into the Key Manager window or use "Key" -> "Import...". |
| 456 |
|
|
| 457 |
@subsection Sign a Public Key |
@subsection Sign a Public Key |
| 458 |
If you verified that a key really belongs to its owner, you |
If you verified that a key really belongs to its owner, you should sign the key to integrate it |
| 459 |
should sign the key to integrate it into your Web of Trust |
into your Web of Trust and also to mark the key as valid in your keyring. Do not sign a key you |
| 460 |
and also to mark the key as valid in your keyring. Do not sign |
just got via email with the request to sign it. Anybody can create a key with your (or better ANY) name, |
| 461 |
a key you just got via email with the request to sign it. Anybody |
these information are no hint to whom the key really belongs. You can check a key |
| 462 |
can create a key with your (or better ANY) name, these information |
by meeting or calling the key owner and verify the key fingerprint of the key with the one |
| 463 |
are no hint to whom the key really belongs. You can check a key |
published by the key owner. Additional checks should be to watch at his driver license or the |
| 464 |
by meeting or calling the key owner and verify the key fingerprint |
identity card to make sure that name of the key matches the name of the key owner. After this |
| 465 |
of the key with the one published by the key owner. Additional checks |
procedure is done, you can open the Key Manager, select the right key and either use the context |
| 466 |
should be to watch at his driver license or the identity card to make |
menu "Sign Key" or use the toolbar button. |
| 467 |
sure that name of the key matches the name of the key owner. After |
|
| 468 |
this procedure is done, you can open the Key Manager, select the |
The next dialog will summarize the key information and some additional options. For example if |
| 469 |
right key and either use the context menu "Sign Key" or use the |
the signature should be local or exportable. Local means the signature will be stripped if you |
| 470 |
toolbar button. |
export the key and no one else except you can use it to calculate the validity. If you mark the |
| 471 |
|
signature exportable, any other user can see and use it. Now you can select the key you want to |
| 472 |
The next dialog will summarize the key information and some |
use to sign and enter the passphrase. Confirm with "OK" and the key will be signed. Now the validity |
| 473 |
additional options. For example if the signature should be |
of the new key is "Full". It is propably a good idea to set the ownertrust of the key. |
| 474 |
local or exportable. Local means the signature will be stripped |
For a detailled description, see the chapter "Key Ownertrust". |
|
if you export the key and no one else except you can use it to |
|
|
calculate the validity. If you mark the signature exportable, |
|
|
any other user can see and use it. Now you can select the key |
|
|
you want to use to sign and enter the passphrase. Confirm with "OK" |
|
|
and the key will be signed. Now the validity of the new key is |
|
|
"Full". It is propably a good idea to set the ownertrust of the |
|
|
key. For a detailled description, see the chapter "Key Ownertrust". |
|
| 475 |
|
|
| 476 |
@subsection Key Ownertrust |
@subsection Key Ownertrust |
| 477 |
First we should explain what the ownertrust of a key is. The ownertrust |
First we should explain what the ownertrust of a key is. The ownertrust is a measurement how much |
| 478 |
is a measurement how much you trust somebody to certify and check keys |
you trust somebody to certify and check keys of other people. For example, if you know that Bob |
| 479 |
of other people. For example, if you know that Bob is really the owner |
is really the owner of the key, you should sign it. But he is also known to sign other keys |
| 480 |
of the key, you should sign it. But he is also known to sign other keys |
without checking the idenity of the other key owner. Values for the ownertrust are |
| 481 |
without checking the idenity of the other key owner. Values for the |
1) Don't Know 2) Don't Trust 3) Marginal 4) Full |
| 482 |
ownertrust are 1) Don't Know 2) Don't Trust 3) Marginal 4) Full |
and thus you should propably use an ownertrust value like "Marginal". But this is a personal |
| 483 |
and thus you should propably use an ownertrust value like "Marginal". |
decision and stored in a separate file and never exported with the public keys. For further |
| 484 |
But this is a personal decision and stored in a separate file and |
information, please take a look into the GNU Privacy Handbook. |
| 485 |
never exported with the public keys. For further information, please |
Just a last work on Key Pairs, they are automatically marked as "Ultimate" because the key |
| 486 |
take a look into the GNU Privacy Handbook. |
belongs to you and you trust it implicit. |
| 487 |
Just a last work on Key Pairs, they are automatically marked as |
|
| 488 |
"Ultimate" because the key belongs to you and you trust it implicit. |
@subsection List Signatures |
| 489 |
|
This dialog contains a list of all signatures of the selected key. The basic dialog, the tree |
| 490 |
|
based version, just shows signatures when the issuer key is in the public keyring. A double click |
| 491 |
|
opens the signature property dialog which contains detailled description about the selected |
| 492 |
|
signature. A dialog which is useful for people who wants to get all information about the key |
| 493 |
|
signatures, can click on the "Edit.." button. |
| 494 |
|
|
| 495 |
|
@subsection Copy Key Information to the Clipboard |
| 496 |
|
Often it is useful to copy parts of the user ID to the clipboard. One example is that you want to |
| 497 |
|
send an email to the key owner or that you want to search the key by the email address or you |
| 498 |
|
want to copy the fingerprint to the clipboard to paste it somewhere else. |
| 499 |
|
This command is available in the popup menu (right click). |
| 500 |
|
|
| 501 |
|
@subsection Delete one or more Keys |
| 502 |
|
To delete a key, or more than one key, you just need to select the keys in the Key Manager and |
| 503 |
|
either select "Delete" or use the toolbar button. |
| 504 |
|
Be careful if you delete a key pair, because you will not be able to decrypt and/or sign data any |
| 505 |
|
longer. In any case you should have a backup of your key pair at a safe place. |
| 506 |
|
|
| 507 |
|
@subsection Re-verify Signatures |
| 508 |
|
After you refreshed or imported a lot of new keys, either from a file or the keyserver, it is a |
| 509 |
|
good idea to re-verify the signature in the keyring. This speeds up listing operations. |
| 510 |
|
|
| 511 |
|
@subsection Refresh one or more Public Keys from the Keyserver |
| 512 |
|
From time to time it can be useful to refresh keys from the keyring. The reason for this is, |
| 513 |
|
that the key might contain new subkeys, user IDs and or new signatures. It is also possible |
| 514 |
|
that the expiration date of a key has been updated or other preferences were changed. And |
| 515 |
|
maybe even the worst case, that a key has been compromised and is now revoked. |
| 516 |
|
If you want to update a single key, select it and right click on it. Then select the item |
| 517 |
|
"Refresh from the Keyserver" in the popup menu. If you do not select any key, the Key Manager |
| 518 |
|
assumes that you want to refresh all keys in the keyring. Please bear in mind that this |
| 519 |
|
can be a lengthy process if you have a lot of keys in your keyring. |
| 520 |
|
|
| 521 |
|
@subsection WinPT Website |
| 522 |
|
If you want to check for updates or general information about the Windows Privacy Tray program, |
| 523 |
|
you can select this menu item. |
| 524 |
|
The WWW webite of WinPT will be loaded in the default browser. |
| 525 |
|
If you want to visit the project website directly, select the "Project Website" entry. |
| 526 |
|
|
| 527 |
|
@subsection The Key Edit Dialog |
| 528 |
|
For the average GPG user, the popup menu of the Key Manager contains all command to manage your |
| 529 |
|
keys. For example to add a key/userid/revoker/photo, just right click on the click and select the |
| 530 |
|
command from the "Add" submenu. |
| 531 |
|
But for advanced users, this dialog contain a lot of extra commands to customize your key. |
| 532 |
|
|
| 533 |
|
The main dialog contains a list of all keys in the first list view box and all user IDs in the |
| 534 |
|
second list view box. The help button gives you a short hint about each command and what it does. |
| 535 |
|
For example you can set the primary user ID via the "primary" command or with "deluid" you can |
| 536 |
|
delete the selected user ID. Please always bear in mind, that most keyserver are not able to |
| 537 |
|
remove user IDs in its database so if another user fetch your 'updated' key from the keyserver |
| 538 |
|
the user ID might be still part of the key. If you want to make an user ID unuseable, you should |
| 539 |
|
revoke it. This is also possible with this dialog. |
| 540 |
|
|
| 541 |
|
@subsection Update your Preferences in the Key Manager |
| 542 |
|
To avoid that the user needs detour to select the taskbar icon, click on it, etc., all |
| 543 |
|
preferences can be changed in the Key Manager via the Edit->Preferences... menu. |
| 544 |
|
|
| 545 |
|
@section The File Manager |
| 546 |
|
|
| 547 |
|
@subsection Introduction |
| 548 |
|
The File Manager is no replacement for an Explorer Extension. If you secure your files frequently |
| 549 |
|
and you want to do this fast and easy, I suggest to install GPGee. It is a program which |
| 550 |
|
integrates itself into the explorer and provide menu entries in the context menu of files and |
| 551 |
|
directory. But the File Manager can be very useful if you just want to decrypt and/or encrypt |
| 552 |
|
some files without additional programs. You can find the File Manager via the symbol in the |
| 553 |
|
taskbar, right click and then "File Manager". |
| 554 |
|
|
| 555 |
|
@subsection An Overview of the GUI |
| 556 |
|
First there are different ways to add (open) files in the Key Manager. The easiest way is to use |
| 557 |
|
drag and drop to add files into the File Manager. Just drag a file from the explorer and drop it |
| 558 |
|
into the File Manager window. The second way is to use File->Open. A dialog opens which is common |
| 559 |
|
for all "File Open" operations in most Windows application. Now you can select one or more files |
| 560 |
|
and confirm. The files will be automatically added to the File Manager window. The main window |
| 561 |
|
consists of a listview with three rows. |
| 562 |
|
|
| 563 |
|
The first row is the status of the file. It can be "ENCRYPTED", "SIGNED", "PUBKEY", "SECKEY", |
| 564 |
|
"SIG" or "UNKNOWN". Dependent on the file status, the File Manager offers different choices. |
| 565 |
|
For example "SIG" enables the verify options in the (popup) menu. "UNKNOWN" is the default for |
| 566 |
|
all plaintext files. |
| 567 |
|
The second row is the file name. And the last row is the status of the operation. It can be |
| 568 |
|
either "", "SUCCESS" or "FAILED". An empty status means no operation was started yet. FAILED |
| 569 |
|
indicates that the GnuPG operation failed. In this case an error message was issued before. |
| 570 |
|
|
| 571 |
|
Now it follows an example: |
| 572 |
|
We assume that user wants to encrypt "c:\My Ideas\GPG GUI.txt". Drag the file from the Explorer |
| 573 |
|
and drop it into the open File Manager, the main window. The file will be added and recognized |
| 574 |
|
as "UNKNOWN". Now we select the file and right click, a popup menu is shown and we select |
| 575 |
|
"Encrypt". An new dialog is opened which looks similar to the Clipboard Encryption dialog. |
| 576 |
|
Just select the recipients and confirm. In contrast to clipboard encryption, file encryption |
| 577 |
|
offers some more extra options. They are described later. And hour glass will be shown as long as |
| 578 |
|
GnuPG takes to encrypt the file. When the procedure is done, the third row should be change |
| 579 |
|
to "SUCCESS" and the first row to "ENCRYPTED". |
| 580 |
|
|
| 581 |
|
@subsection Verify Detached Signatures |
| 582 |
|
Most of the signature are detached, which means that the signature is separated from the data. |
| 583 |
|
Usually you need to verify a detached signature when you have downloaded a software package or |
| 584 |
|
an update of it. The steps to verify such a signature are easy. Just open the File Manager and |
| 585 |
|
drag the detached signature in the File Manager window. |
| 586 |
|
Now select the signature and select "Verify" either via the popup menu or the File menu. |
| 587 |
|
In most cases you propably need to download the verification key, before you can verify the signature. |
| 588 |
|
|
| 589 |
|
@subsection General Options |
| 590 |
|
Now we describe the general options which are possible in some File Manager dialogs. |
| 591 |
|
|
| 592 |
|
@itemize |
| 593 |
|
|
| 594 |
|
@item Text Output |
| 595 |
|
When this option is checked, the output will be encoded in ASCII armor. This can be useful if the |
| 596 |
|
file should be transfered via email. The size of the output file is larger than the usual binary |
| 597 |
|
output. |
| 598 |
|
|
| 599 |
|
@item Wipe Original |
| 600 |
|
If this option is checked, the original file will be deleted after successfull encryption. |
| 601 |
|
This can be useful if data should not be available in plaintext any longer on a machine. |
| 602 |
|
|
| 603 |
|
@end itemize |
| 604 |
|
|
| 605 |
|
|
| 606 |
|
@section A short Note about Cryptographic Issues |
| 607 |
|
|
| 608 |
|
WinPT itself does not perform any real encryption, signing or decryption. Instead it uses |
| 609 |
|
GPG as the backend program which provides all kind of cryptographic code to perform the |
| 610 |
|
needed operations. |
| 611 |
|
|
| 612 |
|
The default values WinPT uses for key sizes, should be sufficient for personal and commercial |
| 613 |
|
security for the next years. If you are concerned about the default values, you can always use |
| 614 |
|
the expert key generation to make your own decision. GPG also provides |
| 615 |
|
default values for symmetric cipher preferences. By default, the AES (Advanced Encryption Standard) |
| 616 |
|
is used which provides a very good security. You can manually modify your key preferences, this |
| 617 |
|
includes cipher, hash, and compression but usually this is not necessary and also can do harm if |
| 618 |
|
you use algorithms which are not very widespread among other OpenPGP programs. |
| 619 |
|
|
| 620 |
|
@section WinPT and Personal Firewalls |
| 621 |
|
|
| 622 |
|
Because the program uses a global hook to remember the last active current window, it might be |
| 623 |
|
possible that Firewalls warn that the process contains a global hook which is a potential |
| 624 |
|
security risk. In some cases, there might be even a warning that key logging is possible. |
| 625 |
|
This is a false alarm because the hook provided by the program, a CTB (Computer Based Training) |
| 626 |
|
hook, can be only used to save handles of newly created windows, or windows which are |
| 627 |
|
activated or in case of a focus change. Details can be found in the source code of the program |
| 628 |
|
or additional information about the CTB hook at msdn.microsoft.com |
| 629 |
|
|
| 630 |
|
To provide access to keyservers and to download HTTP keys, the program |
| 631 |
|
needs to be able to make outbound connections to the following ports: 80 (http), 11371 (keyserver) |
| 632 |
|
|
| 633 |
|
@subsection Using a HTTP Proxy |
| 634 |
|
If you are behind a firewall and you have no chance make a connection to a keyserver, maybe |
| 635 |
|
because of a policy, you can use a http proxy for outbound connections. Open the Keyserver dialog |
| 636 |
|
and click on the button "Change Proxy". A new dialog opens where you can enter the proxy specific |
| 637 |
|
host name and ports. If the proxy requires authentication, you also have to provide your user name |
| 638 |
|
and your password. Please bear in mind that only a base64 authentication is supported and no other |
| 639 |
|
proxy types (SOCKS for example) can be used. |
| 640 |
|
|
| 641 |
|
|
| 642 |
|
@section Reporting a Problem (Bug) or a Feature Request |
| 643 |
|
|
| 644 |
|
For the case that you have problems with the program, that includes crashes or or the handling, |
| 645 |
|
please first check the forum at http://wald.intevation.org to see if someone else reported and/or |
| 646 |
|
wrote about the issue. It is possible that the issue is already solved/answered in the forum. |
| 647 |
|
Plus all other users can benefit of it because maybe another person has the same problem and then |
| 648 |
|
he can check the forum and will find the answer. |
| 649 |
|
|
| 650 |
|
Feature requests can be submitted at the same site in a different tab (Tracker->Feature Request). |
| 651 |
|
There is no guarantee that the request will be implemented in the next version. The reason is, |
| 652 |
|
that other issues might be more important or that the request must be first discussed with other |
| 653 |
|
developers. But each request will be considered. |
| 654 |
|
|
| 655 |
|
For the case that you found a bug, it is very important to provide much details as possible to |
| 656 |
|
allow the developers to track down the problem and to fix it easily. Please do not forgot to be |
| 657 |
|
precise as possible and the best idea is to provide a step-by-step text to reproduce the problem. |
| 658 |
|
|
| 659 |
|
@section Problem with the Program or an unexpected Behaviour |
| 660 |
|
|
| 661 |
|
First let me say that it is very important always to use the newest version. Each new version |
| 662 |
|
contains bug fixes and might also fix usability issues. This is also valid for GPG, WinPT |
| 663 |
|
checks that the minimum GPG version is available but even so it is important and often useful to |
| 664 |
|
have the newest GPG version if this is possible. |
| 665 |
|
|
| 666 |
|
But sometimes the problem is not the software itself, but the software which was involved to |
| 667 |
|
transfer the data. Here are some examples of what could happen: |
| 668 |
|
|
| 669 |
|
- The downloaded file could be broken (FTP ascii->binary issue) and thus WinPT is unable to |
| 670 |
|
verify the signature. In this case you should download the file again. |
| 671 |
|
|
| 672 |
|
- A mailer broke the signature because the line endings were altered or the mail text was wrapped |
| 673 |
|
after the signature was issued. There is no solution to this problem, except to use |
| 674 |
|
a smart Mail Client. |
| 675 |
|
|
| 676 |
|
- A public key (file or clipboard) will not be recognized but the data should definitely contain |
| 677 |
|
one or more keys. Sometimes line endings are messed up or white spaces were removed. In |
| 678 |
|
this case GPG/WinPT is not able to detect when the data begins and the header section starts. |
| 679 |
|
You can use the clipboard editor to see if the ascii armor is broken. If this happened, the |
| 680 |
|
file must be repaired manually or should be sent again. |
| 681 |
|
|
| 682 |
|
- WinPT reports that the key could not be imported because of missing self signature or a |
| 683 |
|
likewise message. To make sure that the receiver can really verify the key belongs to its |
| 684 |
|
owner, the key carries a self signature which can be checked by anybody. Some PGP 2.6 version |
| 685 |
|
do not issue this self signature and some other PGP versions might be also able to |
| 686 |
|
supress its generation. Such a key cannot be used, even if the import were forced. The solution |
| 687 |
|
to this problem is easy but sometimes not possible. Ask the key issuer to self sign his key and |
| 688 |
|
to upload it to the keyserver or send it again. |
| 689 |
|
But sometimes companies have a policy and thus newly generated keys are not self signed. I do |
| 690 |
|
not know what to do in this case except for asking if it would be possible to sign a copy of |
| 691 |
|
the key. |
| 692 |
|
|
| 693 |
|
- You received a message from a user which uses PGP and WinPT/GPG will not be able to decrypt it. |
| 694 |
|
First let me say that this should happen very seldom with newer (PGP >= 7) versions of PGP. |
| 695 |
|
The reason could be, that IDEA has been used. A patented Cipher which is not included in GPG. |
| 696 |
|
GPG will not be able to decrypt the data because it has been ciphered with IDEA. There is no |
| 697 |
|
solution for this problem, except to use the IDEA plug-in. But be advised that the IDEA |
| 698 |
|
algorithm is only free for private use and NOT for commercial mails. |
| 699 |
|
|
| 700 |
|
Another problem could be, that your files cannot be automatically decrypted by the receiver |
| 701 |
|
(who uses PGP) because the file extension of it is .GPG. You can solve this problem by changing |
| 702 |
|
the default extension in the WinPT preferences from .GPG to .PGP. |
| 703 |
|
|
| 704 |
|
To minimize the change of problems when you communicate with a PGP user, you can add "pgp8" or |
| 705 |
|
"pgp7" to your gpg.conf. This can be done via the Key Manager |
| 706 |
|
->Edit->Preferences...->GPG Config Preferences. |
| 707 |
|
|
| 708 |
|
|
| 709 |
|
@section How can I help the Project |
| 710 |
|
|
| 711 |
|
There are several ways to help the project. For example you could provide (or work on) the |
| 712 |
|
existing documentation or write new docs. You could translate WinPT into a new language or |
| 713 |
|
maintain an existing language file. Of course it is also possible to contribute code or to |
| 714 |
|
become part of the WinPT developer crew. |
| 715 |
|
|
| 716 |
|
@subsection What I need for Development |
| 717 |
|
First, you need a Windows C-compiler and knowledge how to use the tools and the Win32 API. There |
| 718 |
|
is no need to use MS-Visual C, you can use Ming-W32 (gcc) and a free IDE to hack some code. |
| 719 |
|
The default building environment is a mingw32 hosted on Linux and it produces W32 executables. |
| 720 |
|
|
| 721 |
|
If you plan to contribute some code or to work on an item from the TODO file, please contact me |
| 722 |
|
first to make sure no one else is working on it and that and we can discuss the details. |
| 723 |
|
|
| 724 |
|
@section Closing Words |
| 725 |
|
Please remember that currently the core WinPT crew is just me and thus it might take some time to |
| 726 |
|
respond to forum messages, and mails. If my spare time allows it, I try to respond quick as |
| 727 |
|
possible. But as a free software project, I do most coding in my spare time and I can't guarantee |
| 728 |
|
anything. If you need commercial support for WinPT or GPG in general, |
| 729 |
|
please contact g10 Code GmbH. |
| 730 |
|
|
| 731 |
@bye |
@bye |
Parent Directory
| 
Revision Log
| 
Patch